|
SSRC Talk: Andrew Leung
Petascale, high-performance file systems often hold
sensitive data and thus require security, but authentication
and authorization can dramatically reduce
performance. Existing security solutions perform poorly in
these environments because they cannot scale with the number
of nodes, highly distributed data, and demanding
workloads. To address these issues, we developed Maat, a
security protocol designed to provide strong, scalable security
to these systems. Maat introduces three new techniques.
Extended capabilities limit the number of capabilities
needed by allowing a capability to authorize I/O for any number of
client-file pairs. Automatic Revocation uses short
capability lifetimes to allow capability expiration to act
as global revocation, while supporting non-revoked capability renewal.
Secure Delegation allows clients to securely act on
behalf of a group to open files and distribute access,
facilitating secure joint computations. Experiments on the
Maat prototype in the Ceph petascale file system show an
overhead as little as 6-7%.
| When: | Wednesday, October 31, 2007 at
12:00 PM |
| Where: | E2-599 |
| SSRC contact: |
Andrew Leung
|
Streaming video
is available for this event.
Last modified 9 Apr 2008
|
RSS: Events
|
News
|
Papers
